Developer forum

Forum » CMS - Standard features » Restrict access to files

Restrict access to files

E-mail notifications
Anders Ebdrup
Reply
Posted on 13/05/2014 13:39:25

Hello!

 

How do I restrict direct access to files in a folder? I have tried with "IP Address and Domain Restrictions" on the IIS, but then the preview is not working in the administration: Admin/FileManager/FileManager_preview.aspx as it does not seem to stream the file to the browser, but just forwards the request.

 

Best regards, Anders


Replies

 
Anders Ebdrup
Posted on 24/05/2014 10:30:53
Reply

Hi again,

 

Doesn't anyone know how to properly restrict access to files in Dynamicweb?

 

Best regards, Anders

 
Thomas Schroll
Posted on 24/05/2014 10:52:56
Reply

Hi Anders

Have you tried to right click the folder in File Manager and set the Permissions?

Otherwise you can define a secure folder in Management Center/Control Panel/User Management/Extranet secure folder.

Regards Thomas

 

 
Morten Bengtson
Posted on 24/05/2014 12:40:40
Reply
  1. Select the secure folder in Management Center > Control Panel > Modules > User Management > Extranet secure folder.
  2. Go to File Manager, right click the secure folder and set the permissions.
  3. In IIS, click on the secure folder you have chosen and then under IIS > Authentication you should disable anonymous access.

EDIT: The problem with image preview in File Manager seems to be a bug, but I'm not sure. If you click "Edit" in the preview window then you can see the image. GetImage.ashx does not work on images in secure folders, but GetImage.aspx does work (since it does not respect the permission settings?). The issue might be related to another bugfix... http://developer.dynamicweb-cms.com/releases/dynamicweb-8-4-1/bug-fixes-8-4-1.aspx#item14398

 
Anders Ebdrup
Posted on 26/05/2014 21:35:27
Reply

Hi Morten,

 

Thank you very much, but when clicking the preview icon in the administration for a file in the given folder, then I get this:

401 - Unauthorized: Access is denied due to invalid credentials.

 

It seems like this file: "Admin/FileManager/FileManager_preview.aspx" is not streaming the content to the browser, but just tries to forward the request to the protected file. What am I doing wrong?

 

Best regards, Anders

 
Anders Ebdrup
Posted on 02/06/2014 09:26:28
Reply

Hi Dynamicweb,

 

Can you please tell how the restriction for files is supposed to work?

 

Best regards, Anders

 
Jeroen Elias
Posted on 12/01/2016 12:36:48
Reply

I would like to know, too!

 
Nicolai Høeg Pedersen
Posted on 12/01/2016 13:18:03
Reply

It works like Morten describes and it is explained in the installation guide.

Remove read from IIS for the a folder under /Files/Files - then set it up as a secure folder in control panel, and start setting up permissions in the file manager. Doing that, all links to files in /Files/Files/{yoursecureFolder}/anyOtherFolder/AFile.ext will unavailable to access. Only by using a link to /Admin/Public/DwsDownloas.aspx which DW will automatically insert when you link to files.

You cannot insert images as img tags, but you can link to them.

 
Jeroen Elias
Posted on 12/01/2016 14:45:36
Reply

Thanks Nicolai for the quick answer!

I will give it a try.

 
Jeroen Elias
Posted on 12/01/2016 14:57:03
Reply

Works fine now!
Thanks!

 
Anders Ebdrup
Posted on 16/01/2016 18:57:12
Reply

Hi Nicolai,

 

Has the problem with the missing "Preview"-function been fixed in the later versions?

 

Best regards, Anders

 
Nicolai Høeg Pedersen
Posted on 18/01/2016 15:49:40
Reply

No it has not.

The preview relies on a path like /files/files/secretfolder/image.jpg - and it will not serve the image as it has been diabled from IIS.

This feature was originally made for documents and files, hence the path, and therefore does not support showing or previewing images.

 

You must be logged in to post in the forum